UbuntuUpdates.org

Package "libyaml-libyaml-perl"

Name: libyaml-libyaml-perl

Description:

Perl interface to libyaml, a YAML implementation
Latest version: 0.38-2ubuntu0.2
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://search.cpan.org/dist/YAML-LibYAML/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libyaml-libyaml-perl"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libyaml-libyaml-perl" in Precise

Repository Area Version
base main 0.38-2
security main 0.38-2ubuntu0.2

Changelog

Version: 0.38-2ubuntu0.2 2015-01-12 23:06:33 UTC

  libyaml-libyaml-perl (0.38-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via triggered assertion
    - debian/patches/CVE-2014-9130.patch: remove assertion
    - CVE-2014-9130
 -- Steve Beattie <email address hidden> Thu, 08 Jan 2015 18:11:32 -0800
Source diff to previous version
CVE-2014-9130 scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial

Version: 0.38-2ubuntu0.1 2014-04-03 16:06:42 UTC

  libyaml-libyaml-perl (0.38-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    large yaml documents
    - debian/patches/CVE-2013-6393.patch: fix integer overflows in
      LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
      LibYAML/yaml_private.h.
    - CVE-2013-6393
  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      LibYAML/scanner.c, LibYAML/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden> Wed, 02 Apr 2014 14:41:53 -0400
CVE-2013-6393 heap-based buffer overflow when parsing YAML tags
CVE-2014-2525 Heap-based buffer overflow in the yaml_parser_scan_uri_escapes ...


About   -   Send Feedback to @ubuntu_updates